gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com Open in urlscan Pro
149.255.59.17 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
Effective URL:
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
Submission: On June 30 via api (June 30th 2023, 9:34:16 pm UTC) from US — Scanned from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 21 HTTP transactions. The main IP is 149.255.59.17, located in United Kingdom and belongs to AWARESOFT, GB. The main domain is gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com.
TLS certificate: Issued by R3 on June 30th 2023. Valid for: 3 months.

This is the only time gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
5 7	149.255.59.17 149.255.59.17	34931 (AWARESOFT) (AWARESOFT)
9	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
21	3

7 149.255.59.17 (United Kingdom) 5 redirects

ASN34931 (AWARESOFT, GB)
PTR: cloud008.liveboxserver.uk

gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2178	88 KB
7	gameinfocenter.com 5 redirects gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com	15 KB
0	paypal.com Failed c.paypal.com Failed t.paypal.com Failed
21	3

	Domain	Requested by
9	www.paypalobjects.com	gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com www.paypalobjects.com
7	gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com	5 redirects gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com www.paypalobjects.com
0	t.paypal.com Failed
0	c.paypal.com Failed	www.paypalobjects.com
21	4

This site contains no links.

Subject Issuer	Validity	Valid
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com R3	`2023-06-30` - `2023-09-28`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-09` - `2023-12-10`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
Frame ID: E2CC5FAA0E6C660870E52DD76EF07D9B
Requests: 19 HTTP requests in this frame

Frame: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: F3EFBCDE88CCD3581795D350A25E4AEF
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: 41A54302F7AC37452AEAED3D0DA4B830
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/ HTTP 302
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin HTTP 301
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ HTTP 302
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d HTTP 301
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/ HTTP 302
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_ Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Page Statistics

21
Requests

52 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

102 kB
Transfer

391 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/ HTTP 302
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin HTTP 301
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ HTTP 302
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d HTTP 301
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/ HTTP 302
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request websrc Show response
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/
Redirect Chain

https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

37 KB
5 KB

435ms
435ms

Document
text/html

149.255.59.17
AWARESOFT

General

Check archive.org

Show headers Download Go to

Full URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 149.255.59.17 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS: cloud008.liveboxserver.uk
Software: nginx /
Resource Hash: fdbf99d7f5e8d7cdbb6d679975ca31b5eea861aca1f0864e0bb3d995ca17efb5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 30 Jun 2023 21:34:12 GMT
server: nginx

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 30 Jun 2023 21:34:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: websrc?country.x=&locale.x=_
pragma: no-cache
server: nginx

GET
H2 200 layout.css
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/assets/css/ 51 KB
9 KB 88ms
87ms Stylesheet
text/css 149.255.59.17
AWARESOFT

General

Check archive.org

Show headers Download Go to

Full URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/assets/css/layout.css
Requested by: Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 149.255.59.17 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS: cloud008.liveboxserver.uk
Software: nginx /
Resource Hash: e50b882080c6a5462358bc7fb48517387c8889df7e7bd8aada5349682242f9fb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:12 GMT
content-encoding: br
last-modified: Sun, 27 Aug 2017 11:02:46 GMT
server: nginx
content-type: text/css

GET
H2 200 icon-PN-check.png
www.paypalobjects.com/images/shared/ 2 KB
2 KB 42ms
9ms Image
image/png 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/icon-PN-check.png

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7989) /

Resource Hash

4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 89d27e36e5acb
dc: ccg11-origin-www-1.paypal.com
content-length: 2236
last-modified: Sat, 13 Feb 2021 00:20:23 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (nya/7989)
traceparent: 00-000000000000000000089d27e36e5acb-636a533b4fde7647-01
etag: "60271b47-8bc"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 30 Jun 2023 22:34:11 GMT

GET
H2 200 glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ 6 KB
6 KB 40ms
10ms Image
image/png 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7892) /

Resource Hash

13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 6b89ec0134ddf
dc: ccg11-origin-www-1.paypal.com
content-length: 5828
last-modified: Fri, 12 Sep 2014 15:08:04 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (nya/7892)
traceparent: 00-00000000000000000006b89ec0134ddf-c57c6b841a3cbc91-01
etag: "54130c54-16c4"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 30 Jun 2023 22:34:11 GMT

GET
H2 200 fn-sync-telemetry-min.js Show response
www.paypalobjects.com/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/lib/ 5 KB
3 KB 37ms
6ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/lib/fn-sync-telemetry-min.js

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/1C1C) /

Resource Hash

8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: d343ead08fb25
dc: ccg11-origin-www-1.paypal.com
content-length: 2303
last-modified: Tue, 27 Jun 2023 18:31:58 GMT
server: ECAcc (nya/1C1C)
traceparent: 00-0000000000000000000d343ead08fb25-4da6abc4f8e401f8-01
etag: W/"649b2b1e-159e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Sat, 29 Jun 2024 21:34:11 GMT

GET
H2 200 signin-split.js Show response
www.paypalobjects.com/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/ 214 KB
50 KB 42ms
12ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/signin-split.js

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78EA) /

Resource Hash

6e8e37915eb1665a083fec0014daa3a3c11d5a4293bda8ba179c8d9d6cf2a9bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 75e6fcaf8f62a
dc: ccg11-origin-www-1.paypal.com
content-length: 50909
last-modified: Tue, 27 Jun 2023 18:31:58 GMT
server: ECAcc (nya/78EA)
traceparent: 00-000000000000000000075e6fcaf8f62a-c08b0e33639f7f54-01
etag: W/"649b2b1e-35862"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Sat, 29 Jun 2024 21:34:11 GMT

GET
H2 200 pa.js Show response
www.paypalobjects.com/pa/js/min/ 55 KB
21 KB 38ms
7ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/pa/js/min/pa.js

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78CA) /

Resource Hash

42721cfca446477610b6ff12ec73697561ee27e7a4ae2b9bc0afc521105f66c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 3062b56e223d2
dc: ccg11-origin-www-1.paypal.com
content-length: 21292
last-modified: Thu, 01 Jun 2023 08:53:38 GMT
server: ECAcc (nya/78CA)
traceparent: 00-00000000000000000003062b56e223d2-1bdcf0e01c58e9d2-01
etag: "64785c92-dac7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Fri, 30 Jun 2023 22:34:11 GMT

GET
H2 200 grcenterprise_v3_static.js Show response
www.paypalobjects.com/webcaptcha/ 11 KB
4 KB 41ms
11ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7884) /

Resource Hash

e973d3f8f304299a283ed574e321331b07a2a70d4ec85cb1be5876b2bcaae4f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 7e9de084cd4a
dc: ccg11-origin-www-1.paypal.com
content-length: 4128
last-modified: Thu, 22 Sep 2022 14:44:08 GMT
server: ECAcc (nya/7884)
traceparent: 00-000000000000000000007e9de084cd4a-d4c94d6c6294d285-01
etag: W/"632c74b8-2dea"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 30 Jun 2023 22:34:11 GMT

GET
H2 200 paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ 5 KB
2 KB 7ms
7ms Image
image/svg+xml 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg

Requested by

Host: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/assets/css/layout.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78FA) /

Resource Hash

b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 21:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: f983444936ec
dc: ccg11-origin-www-1.paypal.com
content-length: 1932
last-modified: Fri, 24 Oct 2014 22:52:57 GMT
server: ECAcc (nya/78FA)
traceparent: 00-00000000000000000000f983444936ec-b72d6c356e6aee01-01
etag: W/"544ad849-1351"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 30 Jun 2023 22:34:11 GMT

POST client-log
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ 0
0

GET fb.js
c.paypal.com/da/r/ 0
0

POST client-log
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ 0
0

POST logclientdata
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/ 0
0

GET
H2 200 grcenterprise_v3_static.html
www.paypalobjects.com/webcaptcha/ Frame F3EF 5 KB
0 5ms
4ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7954) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 1704
content-type: text/html
date: Fri, 30 Jun 2023 21:34:11 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"632c74b8-145d"
expires: Fri, 30 Jun 2023 22:34:11 GMT
last-modified: Thu, 22 Sep 2022 14:44:08 GMT
paypal-debug-id: 8946fe2628813
server: ECAcc (nya/7954)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000008946fe2628813-cfd381058715cd28-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET ts
t.paypal.com/ 0
0

POST logclientdata
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/ 0
0

GET
H2 200 grcenterprise_v3_static.html
www.paypalobjects.com/webcaptcha/ Frame 41A5 0
0 8ms
8ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7954) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 1704
content-type: text/html
date: Fri, 30 Jun 2023 21:34:11 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"632c74b8-145d"
expires: Fri, 30 Jun 2023 22:34:11 GMT
last-modified: Thu, 22 Sep 2022 14:44:08 GMT
paypal-debug-id: 8946fe2628813
server: ECAcc (nya/7954)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000008946fe2628813-cfd381058715cd28-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/client-log

Domain: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Domain: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/client-log

Domain: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/client-log

Domain: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/client-log

Domain: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/logclientdata

Domain: t.paypal.com
URL: https://t.paypal.com/ts?v=1.7.9&t=1688160851672&g=0&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&qual=input_email&pgst=1688160851315&calc=f313017816851&nsid=kVMRnJWUBoOwU2MYW4EmL3oSyYqVbLCk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=6f3b13bb82514b108464966e32a84849&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=103119%2C107263%2C107263&xt=112308%2C133840%2C133840&transition_name=ss_prepare_email&userRedirected=true&ctx_login_ot_content=0&obex=signin&landing_page=login&state_name=begin_email&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&e=im&imsrc=setup&view=%7B%22t10%22%3A1%2C%22t11%22%3A2043%2C%22tcp%22%3A2043%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A0%7D&pt=C%CE%BFnnect%20y%CE%BFur%20G%CE%BF%CE%BFgle%20acc%CE%BFunt%2C%20check%20%CE%BFut%20faster%20%CE%BFn%20y%CE%BFur%20devices&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=1&t1c=0&t1d=0&t1s=0&t2=435&t3=1&t4d=0&t4=0&t4e=0&tt=0&rdc=5&protocol=h2&res=%7B%7D&3p_vid=3bf63ea27b8989b5&3p_fpti=41ee009c401f909b

Domain: t.paypal.com
URL: https://t.paypal.com/ts?v=1.7.9&t=1688160851682&g=0&e=err&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&comp=unifiedloginnodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0&3p_vid=3bf63ea27b8989b5&3p_fpti=41ee009c401f909b

Domain: t.paypal.com
URL: https://t.paypal.com/ts?v=1.7.9&t=1688160851683&g=0&e=err&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&comp=unifiedloginnodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0&3p_vid=3bf63ea27b8989b5&3p_fpti=41ee009c401f909b

Domain: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/logclientdata

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 15f39eec57631068aa63d0ff0827e325

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.paypal.com
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
t.paypal.com
www.paypalobjects.com
c.paypal.com
gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
t.paypal.com
149.255.59.17
192.229.210.155
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
42721cfca446477610b6ff12ec73697561ee27e7a4ae2b9bc0afc521105f66c8
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
6e8e37915eb1665a083fec0014daa3a3c11d5a4293bda8ba179c8d9d6cf2a9bd
8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
e50b882080c6a5462358bc7fb48517387c8889df7e7bd8aada5349682242f9fb
e973d3f8f304299a283ed574e321331b07a2a70d4ec85cb1be5876b2bcaae4f4
fdbf99d7f5e8d7cdbb6d679975ca31b5eea861aca1f0864e0bb3d995ca17efb5

gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com Open in urlscan Pro 149.255.59.17 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

52 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

102 kBTransfer

391 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com Open in urlscan Pro
149.255.59.17 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

52 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

102 kB
Transfer

391 kB
Size

1
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!